CVE-2003-1029
NONE EPSS 95.0%
Published Feb 17, 2004 (22y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
Threat Intelligence
EPSS Exploit Probability
95.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 6
References 12
- lwn.net http://lwn.net/Alerts/66805/
- marc.info http://marc.info/?l=bugtraq&m=107193841728533&w=2
- marc.info http://marc.info/?l=bugtraq&m=107213553214985&w=2
- marc.info http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2
- secunia.com http://secunia.com/advisories/10636
- secunia.com http://secunia.com/advisories/10652
- secunia.com http://secunia.com/advisories/10668
- secunia.com http://secunia.com/advisories/10718
- debian.org http://www.debian.org/security/2004/dsa-425
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
- securityfocus.com http://www.securityfocus.com/archive/1/350238/30/21640/threaded
- securitytracker.com http://www.securitytracker.com/id?1008748
Remediation
- debian.org http://www.debian.org/security/2004/dsa-425